------------------------------------------------------------------------------
Mohamed G. Gouda
Homework 3
CS 395T: Network Protocol Security
Fall 2006
------------------------------------------------------------------------------

1. (3 points)

Each security association in IPsec is uniquely identifiable in the Internet by the value triple:

    (SA#, type, dst)

where SA# is a 4-byte id given to the security association, type is the type of the security association, AH or ESP, and dst is the IP address of the destination of the security association.

What are the advantages of this design decision over making each security association uniquely identifiable in the Internet by each of the following value pairs: (SA#, type), (type, dst), and (SA#, dst)?

------------------------------------------------------------------------------

2. (4 points)

Specify the rules of a firewall for a private network whose computers have the IP addresses 128.83.0.0/16. The firewall has two interfaces: interface 0 that connects the firewall with the rest of the Internet, and interface 1 that connects the firewall with the private network.

The private network has an email server whose IP address is 128.83.5.3. This email server accepts email messages, from the rest of the Internet and from the private network, over tcp port 25.

The firewall does the following:

  i.   It discards any message intended to establish a tcp connection from a computer in the rest of the Internet to any tcp port in any computer in the private network, other than tcp port 25 in computer 128.83.5.3.

  ii.  It discards any message from the rest of the Internet if the IP address of the source of the message is in 128.83.0.0/16.

  iii. It accepts all other messages from the rest of the Internet, other than those specified in i and ii.

  iv.  It discards any message from the private network iff the IP address of the source of the message is in 128.83.0.0/16.

------------------------------------------------------------------------------

3. (3 points)

A voting system consists of human voters, a certifying server, a voting server, and a mix server. The communications between human voters and the certifying server are over SSL connections. Also the communication between the certifying server and the voting server is over SSL. The communications between human voters and the voting server are via the mix server.

The certifying server maintains a database that contains a pair of data items concerning each voter, namely the voter's name and the voter's voting number.

First, a voter v sends an initiation message, that contains its name and its voting number, to the certifying server. If the certifying server checks that the received pair (voter's name, voter's voting number) is in its database, then the certifying server records that this voter has already been certified, and selects a random nonce n and sends one copy of n to the voting server and sends another copy of n to voter v. (The certifying server needs to ensure that the voting server has received its copy of n before voter v has received its copy of n.)

Later, after voter v receives nonce n from the certifying server, v sends a message B.mix> to the mix server, where B.mix is the public key of the mix server and B.voting is the public key of the voting server. The mix server forwards this message, as B.voting, to the voting server.

The voting server keeps a record of all the nonces that it has received from the certifying server. When the voting server receives the message B.voting, it checks whether n is in its record of all nonces received from the certifying server. If so, then the voting server records that nonce n has already been used and enters myvote in its vote tally. If not, then the voting server discards myvote.

Specify three security properties that this voting system satisfies. Also specify one security property that this voting system does not satisfy.

------------------------------------------------------------------------------
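
An added example for problem 2 (not part of the original assignment): rules i to iii on interface 0 written as an ordered first-match rule list in Python, showing why the source-address check of rule ii has to precede the mail-server exception of rule i. The packet model, the rule labels, and the reading of a connection request as a segment with SYN set and ACK clear are assumptions; rule iv (interface 1) is not modelled.

```python
import ipaddress
from collections import namedtuple

PRIVATE_NET = ipaddress.ip_network("128.83.0.0/16")  # private network, from problem 2
MAIL_SERVER = ipaddress.ip_address("128.83.5.3")     # email server, from problem 2

# Hypothetical minimal model of a TCP message arriving on interface 0.
Packet = namedtuple("Packet", "src dst dport syn ack")

def from_private(p):
    return ipaddress.ip_address(p.src) in PRIVATE_NET

def to_private(p):
    return ipaddress.ip_address(p.dst) in PRIVATE_NET

def is_open(p):
    # Assumption: a TCP connection request is a segment with SYN set and ACK clear.
    return p.syn and not p.ack

def to_mail(p):
    return ipaddress.ip_address(p.dst) == MAIL_SERVER and p.dport == 25

# Ordered rules for interface 0: (label, predicate, action). First match wins.
INBOUND_RULES = [
    ("ii",     from_private,                           "discard"),
    ("i-mail", lambda p: is_open(p) and to_mail(p),    "accept"),
    ("i",      lambda p: is_open(p) and to_private(p), "discard"),
    ("iii",    lambda p: True,                         "accept"),
]

def decide(packet, rules=INBOUND_RULES):
    """Return (label, action) of the first rule whose predicate matches."""
    for label, predicate, action in rules:
        if predicate(packet):
            return label, action
    raise ValueError("rule list has no default rule")

# Constructed sample messages (192.0.2.0/24 is a documentation range).
SAMPLES = {
    "smtp_open":    Packet("192.0.2.7", "128.83.5.3", 25, True, False),
    "ssh_open":     Packet("192.0.2.7", "128.83.9.9", 22, True, False),
    "reply":        Packet("192.0.2.7", "128.83.9.9", 40000, False, True),
    "spoofed_smtp": Packet("128.83.1.1", "128.83.5.3", 25, True, False),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, decide(pkt))
```

If the "i-mail" accept rule is moved above rule "ii", the spoofed-source connection request to 128.83.5.3 port 25 is accepted, so the order of the list is part of the specification.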